Share this story

Earlier this week, the Copyright Alert System (CAS)—better known as "six strikes"—finally debuted. Both Verizon and Comcast activated the service on Wednesday.

The new system is funded by a group known as the Center for Copyright Information (CCI), which is made up of five major American ISPs, the Motion Picture Association of America (MPAA), and the Recording Industry Association of America (RIAA). It's been in the works for years and may provide a significant change to the copyright infringement policing regime in the United States.

At the end of a series of six alerts, accused infringing customers could have their home Internet connection significantly slowed down. Those accused of infringing can file an appeal for $35. (Here's the CCI's new video explaining the process, as well as its new promo video.)

Both Verizon and Comcast updated their terms of service as of Wednesday, and each informed customers of their participation in six strikes on their websites. (But more than likely, most customers don’t spend much time checking out the corporate homepages of their ISPs.) Ars has reached out to all five of the participating ISPs—AT&T, Verizon, Cablevision, Time Warner Cable, and Comcast. Only the latter responded and agreed to provide copies of actual alerts. (Full disclosure: I am a Comcast customer.)

Charlie Douglas, a Comcast spokesperson, also told Ars that the company already sent out a “small number” of alerts despite this being the first day of Comcast's compliance. Douglas declined to disclose the actual number or the reason that number was being kept secret.

When Ars asked him to confirm that six strikes would not be able to see a potential violation if the user was using a VPN, he responded: “I think you’re right.”

Douglas did provide the language for alerts numbered one, two, four, and five. He has not yet responded concerning why Comcast is unable to provide the actual language for all six alerts or why he chose these particular ones to share with Ars. Comcast has also not shared any technical details of how it serves up an in-browser pop-up alert.

Numero uno

The notice refers to a comcast.net e-mail address. Prior to updating some information on my own account earlier this month, I’ve never seen any messages sent to that account. I didn't even know that I had it. Apparently I’m not the only one.

“I will note, just as a single data point, that I'm sure that I personally have a comcast.net e-mail account and that I have no idea what it is,” Sherwin Siy told Ars. He’s the vice president of legal affairs at the advocacy group Public Knowledge and also a residential Comcast customer in Washington, DC.

“Were I to receive one of these notices, a lot of my time would likely be spent trying to figure that information out so I could know what I was actually being accused of,” he added.

Comcast’s Douglas also told Ars that all alerts were communicated via e-mail to users' comcast.net e-mail address and via an in-browser pop-up. That could suggest that if a Comcast user maintains a constant VPN connection and doesn't check their Comcast e-mail account, they could plausibly say that they never received any alerts.

“Six strikes is fundamentally flawed”

First, were a customer to receive this alert, she would get it out of the blue with no explanation about what it is. Second, the Center for Copyright Information’s (CCI) emphasized that the CAS is an education-based, rather than a penalty-based, system. But none of the alerts appear to provide any education about copyright or point users to legal alternatives.

“What is ‘improperly?' This is one of the problems with the system,” Derek Bambauer, a tech law professor at the University of Arizona, e-mailed Ars after he saw the alert pages.

“Making a fair use of a copyrighted work is not infringement. Thus, even if I download an entire copy, if it's fair use, I am not an infringer—and yet, the private law of six strikes treats me as one.”

Bambauer collaborated with Chris Soghoian, a policy analyst at the American Civil Liberties Union, to submit Freedom of Information Act requests to learn more about the creation of the six strikes program. The two have a pending legal case to compel the Obama Administration’s Office of Management and Budget to release more information and related documents.

“Six strikes is fundamentally flawed,” Bambauer added. “Part of the reason is that users were never at the table: the bargaining parties were content owners and ISPs. And ISPs have very limited incentives to defend free speech or protect against mistakes—especially if all of their major competitors are in the system, too. No way to vote against the system with your feet.”

We’ve included copies of alerts two and five below. Have you received any CAS alerts from your ISP yet? Please share in the comments.

Promoted Comments

First - Good luck trying to get 2-way conversation with anyone at Comcast regarding this. If future results are based on past performance of theirs when trying to get a blacklisted IP address removed from their Network Abuse group back in NJ, every time you call you will be prompted to leave a message and someone will may call you back promptly never. I know as I used to work for them in a technicians, technicians role where I had to work with the poor souls standing in the customers house trying to get their service restored.

Secondly, how about a little more info on the alerts. I think if someone is going to threaten you with a warning like this, how about providing the 'evidence' in the warning? What file did I download or share that seems to be of concern? If you didn't know what you did wrong, how is the punishment supposed to correlate?

How would they display an alert inside a browser? They are injecting HTML into an existing session? Or hijacking DNS? What else could it be? If that's what they plan to do, then that in itself is a dangerous precedent. Ads appearing on random sites could be next.

Share this story

Cyrus Farivar
Cyrus is a Senior Tech Policy Reporter at Ars Technica, and is also a radio producer and author. His latest book, Habeas Data, about the legal cases over the last 50 years that have had an outsized impact on surveillance and privacy law in America, is out now from Melville House. He is based in Oakland, California. Emailcyrus.farivar@arstechnica.com//Twitter@cfarivar

209 Reader Comments

How would they display an alert inside a browser? They are injecting HTML into an existing session? Or hijacking DNS? What else could it be? If that's what they plan to do, then that in itself is a dangerous precedent. Ads appearing on random sites could be next.

I'm curious as how the fraction of people that will get these out of the total number of people that download movie and music.

I've met a couple of people that have gotten letters from Comcast in previous years telling them not to pirate stuff, but considering the amount of stuff I download, I'm surprised I've never gotten one.Then again, I've only met a couple of people that have gotten those letters, versus the many, many people I know who haven't.

Also, will they be using DPI to determine that I'm sharing? If I upload my own MP3s to my own cloud storage location, will they send me an email saying I'm infringing?

First - Good luck trying to get 2-way conversation with anyone at Comcast regarding this. If future results are based on past performance of theirs when trying to get a DHCP issued, incorrectly assigned blacklisted IP address removed from their Network Abuse group back in NJ, every time you call you will be prompted to leave a message and someone will may call you back promptly. I know as I used to work for them in a technicians, technician role where I had to work with the poor souls standing in the customers house trying to get their service restored.

Secondly, how about a little more info on the alerts. I think if someone is going to threaten you with a warning like this, how about providing the 'evidence' in the warning? What file did I download or share that seems to be of concern? If you didn't know what you did wrong, how is the punishment supposed to correlate?

Edit: Adding ancient history as the grey matter was a little slow today.

How would they display an alert inside a browser? They are injecting HTML into an existing session? Or hijacking DNS? What else could it be? If that's what they plan to do, then that in itself is a dangerous precedent. Ads appearing on random sites could be next.

We've forwarded your comment to our friends at Comcast—and will update with any reply.

How would they display an alert inside a browser? They are injecting HTML into an existing session? Or hijacking DNS? What else could it be? If that's what they plan to do, then that in itself is a dangerous precedent. Ads appearing on random sites could be next.

Yes. They inject javascript into arbitrary pages at random intervals. I believe that they inject a script tag into the HTML of an unsuspecting page. My provider pushed these out recently -- I am quite unhappy with this interference.

So, may I ask, exactly how do they know I'm pirating something? Do they have a massive database of content to check my traffic against? Are they just checking for traffic from "known pirate sites / services" like bit torrent which has plenty of legitimate uses? Are they logging any of this and can any of my personal information end up in said logs?

Love the plug for NBC with the icon above COMCAST. Even if Comcast owns NBC there is no reason for that icon to be there. Not like NBC is my cable internet provider. Kind of like if I am watching NBC, not likely, I don't expect to see a Comcast logo underneath the NBC icon.

UGH, I just don't like Comcast owning NBC. Seems like it would lead to Monopoly practices.

How would they display an alert inside a browser? They are injecting HTML into an existing session? Or hijacking DNS? What else could it be? If that's what they plan to do, then that in itself is a dangerous precedent. Ads appearing on random sites could be next.

We've forwarded your comment to our friends at Comcast—and will update with any reply.

I contacted ArsTechnica when Cox started this, but never heard back. See: frontporch.com

“Making a fair use of a copyrighted work is not infringement. Thus, even if I download an entire copy, if it's fair use, I am not an infringer—and yet, the private law of six strikes treats me as one.”

You aren't getting these letters because you downloaded something. You're likely getting them because you also uploaded the same thing, as in you p2p'd it. There's no fair use in unlicensed distribution.

I checked with my ISP (Charter Communications) in regards to the 6 Stikes plan and they gave me the following response:

"The copyright alerts is an important issue, and Charter is diligent in complying with current copyright regulations and laws. We have been involved in discussions regarding the Copyright Alert System, and will remain engaged in evaluating its effectiveness, but elected not to participate in the proposed framework at this point, keeping in mind its potential impact to our customers and our business."

Of course the ISPs have signed on. If they claim you are in violation they get to limit your bandwidth. Try to fight it and thet charge you $35 for the right. They already don't want customers that use bandwidth.There's no down side for them.

“Making a fair use of a copyrighted work is not infringement. Thus, even if I download an entire copy, if it's fair use, I am not an infringer—and yet, the private law of six strikes treats me as one.”

You aren't getting these letters because you downloaded something. You're likely getting them because you also uploaded the same thing, as in you p2p'd it. There's no fair use in unlicensed distribution.

No there's no fair use in wholly distributing copyrighted works without a license. But if the content a user is distributing falls within a fair use exception, and a user uploads that content, and whatever mechanism that is monitoring the user's IP traffic determines the user's upload contains copyrighted material, then the user would receive a "strike." There are many well known examples of DMCA takedowns where the grounds for the takedown clearly did not include any fair use analysis. While this is understandable given the costly and case-by-case nature of fair use analyses, it exemplifies exactly how unlicensed distribution of copyrighted content could generate a "strike" without necessarily constituting an infringement of IP rights.

My ISP periodically displays unwanted notices in my browser (e.g., work in my area and in one case a storm warning or something like that). How they do it is when a new connection is attempted on port 80, they route the traffic to their web server instead of the destination. No Javascript-injection or spoofed DNS replies (which would be a problem anyway because of cached DNS replies), only a spoofed source address.

How would they display an alert inside a browser? They are injecting HTML into an existing session? Or hijacking DNS? What else could it be? If that's what they plan to do, then that in itself is a dangerous precedent. Ads appearing on random sites could be next.

Heh, I remember back in BBS days once the sysadmin hijacked my login session to chat with me. I'd been downloading stuff and he supposed I'd amassed a collection… or it was just random. Asked if I wanted to trade warez. I was pretty freaked out. My first reaction was to ask if he wanted to talk to my mother, since I was about 8 years old.

The tides have turned. But yeah, the guy at the other end of the modem can do whatever he likes with unencrypted data.

I know there isn't exactly a plethora of options for internet providers out there, but if it gets to the point where you have six strikes and they start to throttle you, isn't that going to make you decide to jump ship to another provider? I'm currently with Time Warner, but there are at least two more options where I live (another cable provider and AT&T U-verse), so I don't get what the ISP gains from this. If they started throttling me, and I called them to cancel my service, would they actually rather see me go than stop the bandwidth limiting?

How would they display an alert inside a browser? They are injecting HTML into an existing session? Or hijacking DNS? What else could it be? If that's what they plan to do, then that in itself is a dangerous precedent. Ads appearing on random sites could be next.

I don't know about Comcast specifically, but the ISP in my country has something similar in place. If it thinks my computer has a virus (port scans, mass email, etc.) it forces me to a warning page with a download for an antivirus program, and I have to click a button to continue on. It also has a different warning page if I forget to pay the ISP bills, etc.

But then the government also forces me to view a warning page if it thinks I'm visiting a page that the government doesn't like, so having the ISP do this to me seems to be far less intrusive.

Unfortunately, I foresee some other parties using a copy of this notice as a form of spear fishing, the messages are so nondescript that average people will probably fall into entering their information into a fake ISP website just to get more information on this sort of accusation.

I'm sure that Comcast the ISP will remain fully impartial now that it has acquired NBC and is now a content provider (not just a carrier), so you can trust that they have done their full due diligence in verifying that the evidence in the complaint was legitimate.

I think the end result will be that everyone treats "Comcastic" as a negative adjective.

1. Craft a generic Copyright Alerts System message. Provide a link to the CAS informational site to prove the authenticity of the message. As a "mitigation measure" ask for an appropriate amount to be paid via MoneyPak.2. Display your message using popups, spam emails, and malware.3. Profit!

Since this system already works so much like ransomeware, the scams practically write themselves.

How would they display an alert inside a browser? They are injecting HTML into an existing session? Or hijacking DNS? What else could it be? If that's what they plan to do, then that in itself is a dangerous precedent. Ads appearing on random sites could be next.

If I had to guess, I'd think it's probably something along the lines of the modem's firmware, which I know some ISPs (e.g. Verizon) use to redirect you to a search page on 404s instead of just letting them fail.

Love the plug for NBC with the icon above COMCAST. Even if Comcast owns NBC there is no reason for that icon to be there. Not like NBC is my cable internet provider. Kind of like if I am watching NBC, not likely, I don't expect to see a Comcast logo underneath the NBC icon.

UGH, I just don't like Comcast owning NBC. Seems like it would lead to Monopoly practices.

I know there isn't exactly a plethora of options for internet providers out there, but if it gets to the point where you have six strikes and they start to throttle you, isn't that going to make you decide to jump ship to another provider? I'm currently with Time Warner, but there are at least two more options where I live (another cable provider and AT&T U-verse), so I don't get what the ISP gains from this. If they started throttling me, and I called them to cancel my service, would they actually rather see me go than stop the bandwidth limiting?

If they're stupid enough not to have a shared database of users with strikes against them, then switching providers could work. I'm betting they aren't that stupid.

How would they display an alert inside a browser? They are injecting HTML into an existing session? Or hijacking DNS? What else could it be? If that's what they plan to do, then that in itself is a dangerous precedent. Ads appearing on random sites could be next.

It's not unlike what ISPs often do if you don't pay your bill. When you open your browser you are prompted to pay before you can use the internet again. They can do the same with the set top TV boxes to display similar messages. It isn't exactly hijacking DNS, it is just something that comes down the pipe from the source of your connection. Sort of like when you stay at a hotel and need to get through their portal page before you can get out on the net.

How would they display an alert inside a browser? They are injecting HTML into an existing session? Or hijacking DNS? What else could it be? If that's what they plan to do, then that in itself is a dangerous precedent. Ads appearing on random sites could be next.

If I had to guess, I'd think it's probably something along the lines of the modem's firmware, which I know some ISPs (e.g. Verizon) use to redirect you to a search page on 404s instead of just letting them fail.

As soon as my ISP (Cox) started doing this I set all my computers, and routers to use Google's DNS's at 8.8.8.8 and 8.8.4.4.

At least I have a pretty good idea of why Google may want to keep statistics on its DNS use (basically I trust Google more than *any* ISP -- it's all a matter of levels), and they simply return a 404 for a missing page. They also claim to be faster, which seems to be the case in reality.

Widespread SSL and DNSSEC can't come soon enough to stop this hijacking. Regardless, we have to fight this program. Call your ISP and complain. Maybe if ISPs get enough complaints they'll realize that this plan could hurt their bottom line.

So if you always do your internet surfing through Tor, how will this work? If they are always just checking port 80, you will never hit their page.I guess this basically falls under the whole VPN thing...Its also unlikely that you would get caught if everything you do is through Tor.

Heh, I remember back in BBS days once the sysadmin hijacked my login session to chat with me. I'd been downloading stuff and he supposed I'd amassed a collection… or it was just random. Asked if I wanted to trade warez. I was pretty freaked out. My first reaction was to ask if he wanted to talk to my mother, since I was about 8 years old.

The tides have turned. But yeah, the guy at the other end of the modem can do whatever he likes with unencrypted data.

Hah, yeah that's similar to how I got into the BBS scene.

I hat pirated software that I traded via. mail and friends, and then I bought a modem. I also knew the phonenumbers of pirate BBS'es, so i called them and made an account.

What I didn't realise was that those pirate BBS'es had a "legit" frontend, so that's all I saw. Oh well, not terrible interesting I thought, but there was some files. So I uploaded some of my own to download some of theres, and a SYSOP broke in !!!, to ask me why I was uploading files there, and wouldn't I rather have a real account?